1. Field of the Invention
The present invention relates to techniques for heightening security in communication protocols. More specifically, the present invention relates to a method and an apparatus for increasing network security by encapsulating cryptographic information across different network layers.
2. Related Art
The explosive growth of the Internet has led to a proliferation of networked devices over the past few years. Due to a large increase in the number of networked devices, the Internet Protocol version 4 (IPv4) address space, which is based on a 32-bit long address format, will soon run out of usable addresses. To solve this problem, Internet Protocol version 6 (IPv6) was proposed. IPv6 defines a 128-bit long address format, which is believed to provide a sufficient number of addresses to accommodate all networked devices. These networked devices can include cell phones, personal data assistants (PDAs), and other computing devices.
Unfortunately, when IPv6 was designed many years ago, it was difficult to foresee the wide deployment of wireless networks that are being used today. Hence, the IPv6 mechanisms that manage local links were designed with physically protected, trustworthy links in mind. Today, people are planning to use IPv6 on public wireless networks, such as Wireless LANs (WLANs) in airports, hotels, etc. In such networks, even though an actual link may be somewhat protected with layer two (data link layer) authentication, access control, and encryption, some of the nodes on the link could still be untrustworthy. Furthermore, it is easy to set up a non-authentic WLAN base station that can be used to launch various types of attacks, such as access stealing, Denial-of-Service (DoS) attacks, and traffic-snooping attacks.
To address these security problems in IPv6, a Cryptographically Generated Address (CGA) can be used. In essence, a CGA allows a node to use a short but secure expression of its public key (for example, a part of a secure hash of the public key) as part of its IPv6 address. This CGA mechanism actually allows a node to prove that it has the authorization to use a particular address. This simple but powerful concept has far-ranging implications and applications to network security, reaching beyond IPv6 networks.
A similar concept is that of a “Hash Based Address” (HBA). It also uses a secure hash (e.g., SHA-1); but instead of a public key, the input to the secure hash function is a static identifier. Accordingly, an HBA alone cannot prove that its owner is the sole entity authorized to perform certain operations on the address. Nevertheless, they do have the non-reversible property of the secure hash function. Hence, they can be used to prove that an HBA is a special type of address, one that is derived securely from certain (perhaps public) parameters. This property of safely distinguishing addresses, between those that have the HBA property and those that do not, is quite useful to prevent certain types of attacks.
Both the CGA and HBA proposals define ways to derive IPv6 addresses. However, both of the above suffer from the limitation that an IPv6 address (more specifically, the interface-identifier part of an IPv6 address) leaves only 62 bits available for the hash value. In order to derive the security properties of CGA/HBA schemes, enough bits are required so that the uniqueness properties of the secure hash are maintained. The secure hash function SHA-1 produces 160 bits, but with the limitation of IPv6 addresses (and other CGA/HBA applications), the output must be truncated and not all 160 bits can be used.
Nevertheless, it is generally acknowledged that 128 bits and even fewer bits (approximately 100 bits) are more than enough for protection against attackers trying to find collisions on the secure hash by brutal force.
However, in the case of CGA/HBA, people increasingly question whether 62 bits are enough.
There have been some efforts to work within the 62-bit limitation by trading off increased protection with increased work load when generating the addresses. This is not nearly as practical as being able to keep more bits from the output of the secure hash function.
Hence, what is needed is a method and an apparatus that allows more bits to be used with the CGA and HBA techniques.